Cybersecurity, Emergency Incident, Contacting Security
How to contact the Cybersecurity Operations Center in an emergency.
NOTE: If you fear for your or someone else's safety, call 911.
For major cybersecurity emergencies (multiple systems affected, sensitive data at risk, etc):
STOP!
- Do not power anything off.
- Do not remove anything from the network yet if at all possible.
- Do not mess with any of the affected things if at all possible.
- Before you do anything, Security needs to work towards understanding, containing, mitigating, and ultimately recovering the incident. Messing with the system can complicate or disrupt campus's ability to do those things, so please take two steps back and breathe.
Immediately notify the Cybersecurity Operations Center (CSOC) 24-hour critical response phone number: 217-265-0000 (option 3)
NOTE: If you are not the Security Liaison for your unit, notify and involve your unit Security Liaison as well. If you do not know who your Security Liaison is, the CSOC can assist.
For other non-emergency cybersecurity incidents and/or events:
Send an email to security@illinois.edu
- Include symptoms you have observed as well as steps you've taken to contain, fix, or otherwise mitigate impact arising from the event.
- If your asset stores, processes, or transmits sensitive information or has access to sensitive or high-risk information, include that in your report.
For cybersecurity-related procedural questions and requests that do not involve any threat to University assets:
Send an email to securitysupport@illinois.edu
See https://go.illinois.edu/csoc for more details on the Critical Event Response team, what they do, and what to expect